How Share-Tube collects, uses, protects, and shares your personal data across
Share-Tube Tools and its connected services, in accordance with the laws of the
Republic of the Philippines.
🇵🇭 Republic Act No. 10173: Data Privacy Act of 2012 · Last updated: July 3, 2026
1. Introduction
Share-Tube ("we", "us", "our") operates Share-Tube Tools and its
connected services, including Online POS, Famy Hub, Debt Manager, and Share-Tube Karaoke
(collectively, the "Services"). We are committed to protecting your personal data and
respecting your privacy rights.
This Data Privacy Policy is issued in compliance with Republic Act No. 10173, otherwise
known as the Data Privacy Act of 2012 ("DPA"), its Implementing Rules and Regulations
("IRR"), and the relevant issuances of the National Privacy Commission ("NPC") of the
Philippines. By using the Services, you acknowledge that you have read and understood this policy.
2. Personal Data We Collect
We collect only the personal data necessary to operate the Services:
Contact information: such as a mobile phone number used to receive one-time passwords (OTP) for administrator login via SMS.
Authentication data: hashed one-time passwords and session tokens used to secure access. OTPs are never stored in plain text and expire after five (5) minutes.
Content you provide: such as tool names, descriptions, links, and images you upload to the Services.
Technical and usage data: such as IP address, browser type, device information, and access timestamps, which are automatically recorded in standard server logs.
Local storage data: a session token stored in your browser's local storage to keep you signed in (see Section 8).
We do not knowingly collect sensitive personal information as defined under Section 3(l) of the DPA (e.g., health, race, religion, or government-issued identifiers) unless you voluntarily provide it, and we ask that you do not.
3. Why We Collect It & Legal Bases
Under Sections 12 and 13 of the DPA, we process personal data on the following lawful bases:
Consent: when you voluntarily provide information or agree to receive an OTP by SMS.
Contractual necessity: to provide, maintain, and secure the Services you use.
Legitimate interest: to prevent fraud and unauthorized access (e.g., limiting OTP attempts and temporarily locking accounts after repeated failures), and to maintain and improve the Services.
Legal obligation: to comply with applicable Philippine laws, lawful orders of courts, or government agencies.
We adhere to the DPA's general principles of transparency, legitimate purpose, and proportionality: we collect only what is needed, use it only for declared purposes, and keep it only for as long as necessary.
4. How We Share Personal Data
We do not sell, rent, or trade your personal data. We share it only with:
Service providers: such as SMS gateway and hosting providers, strictly to deliver the Services (e.g., transmitting an OTP to your registered mobile number). These providers act under our instructions and are required to protect your data.
Government authorities: when disclosure is required by law, regulation, or a lawful order (e.g., a subpoena or an order of the NPC or a Philippine court).
If personal data must be transferred outside the Philippines, we will ensure a comparable level of protection consistent with the DPA and NPC issuances on cross-border data transfers.
5. Data Retention
One-time passwords: stored as one-way hashes and invalidated after five (5) minutes or upon successful verification, whichever comes first.
Session tokens: automatically expire and are purged twenty-four (24) hours after issuance, or immediately upon logout.
Uploaded content: retained while the related tool exists on the platform, and removed when deleted by an administrator.
Server logs: retained only for the period necessary for security monitoring and troubleshooting.
When retention is no longer necessary, personal data is securely deleted or anonymized in accordance with Section 11(e) of the DPA.
6. Security Measures
Pursuant to Section 20 of the DPA, we implement reasonable and appropriate organizational, physical, and technical safeguards, including:
One-way hashing of OTPs (never stored in plain text);
Rate limiting and automatic three (3)-hour lockout after repeated failed login attempts;
Server-side access restrictions on data storage directories;
Validation of uploaded files to reject unexpected file types.
Breach notification. In the event of a personal data breach that is likely to give rise to a real risk of serious harm, we will notify the National Privacy Commission and affected data subjects within seventy-two (72) hours of knowledge of the breach, in accordance with NPC Circular No. 16-03 and related issuances.
7. Your Rights as a Data Subject
Under Sections 16 to 18 of the DPA, you have the right to:
Be informed: know whether and how your personal data is being processed;
Access: obtain a copy of your personal data that we hold;
Object: refuse processing of your personal data, including for direct marketing or profiling;
Rectification: have inaccurate or incomplete data corrected;
Erasure or blocking: request the removal or blocking of data that is unlawfully processed, outdated, or no longer necessary;
Data portability: obtain your data in a commonly used electronic format;
Damages: be indemnified for damages sustained due to inaccurate, incomplete, false, or unlawfully obtained or unauthorized use of your personal data;
Lodge a complaint: file a complaint with the National Privacy Commission.
To exercise any of these rights, contact us using the details in Section 10. We will respond within a reasonable time and in accordance with the periods set by the NPC.
8. Cookies & Local Storage
The Services do not use third-party advertising or tracking cookies. We use your browser's
local storage for one purpose only: keeping an authenticated administrator signed in
by storing a session token. You may clear this at any time by logging out or clearing your
browser's site data.
9. Children's Privacy & Policy Changes
The Services are not directed at children. We do not knowingly collect personal data from minors
without parental or guardian consent. If you believe a minor has provided us personal data, please
contact us so we can delete it.
We may update this policy from time to time. Material changes will be posted on this page with a
revised "Last updated" date. Continued use of the Services after changes take effect constitutes
acceptance of the updated policy.